
Questions
Protection against direct access
register_globals... to use them or not to use them?
Reduce code by using list()
Only fetch the needed data in a query
Obtaining information about the current user
Limiting access to administrator modules
Can PHP-Nuke themes, modules and blocks still be used?
Including the appropriate files
Freeing the memory associated with MySQL result sets
$Version_Num vs. CPG_NUKE

Answers
Protection against direct access

A new, better method is used:

PHP-Nuke:

Code:
if (eregi("block-Big_Story_of_Today.php", $_SERVER['PHP_SELF'])) {
    Header("Location: index.php");
    die();
}


CPG-Nuke:

Code:
if (!defined('CPG_NUKE')) { exit; }


The same method is also used for admin files:
Code:
if (!defined('ADMIN_PAGES')) { exit; }
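
The constant guard above, run from both sides, as an added example that is not CPG-Nuke's own code: the same guarded file is executed once directly and once through an entry point that defines the constant. The file names, the constant's value and the run_script() helper are assumptions made for this demo, which is meant to be run with the PHP command-line binary.

```php
<?php
// Added example, not CPG-Nuke code. File names and the constant's value
// are constructed for this demo.

$dir = sys_get_temp_dir() . '/guard_demo_' . getmypid();
mkdir($dir);

// Guarded include file: refuses to run unless the entry point defined the constant.
$block = <<<'EOT'
<?php
if (!defined('CPG_NUKE')) { exit; }
echo "block content\n";
EOT;
file_put_contents("$dir/block-Demo.php", $block);

// Entry point: the only script meant to be requested directly.
$index = <<<'EOT'
<?php
define('CPG_NUKE', 'demo');   // assumed value for the demo
require_once __DIR__ . '/block-Demo.php';
EOT;
file_put_contents("$dir/index.php", $index);

// Run a file in a fresh PHP process, the way a direct request would start it.
function run_script(string $path): string
{
    $cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($path);
    return (string) shell_exec($cmd);
}

$direct  = run_script("$dir/block-Demo.php"); // guard finds no constant
$viaMain = run_script("$dir/index.php");      // guard finds CPG_NUKE

printf("direct:    %s\n", json_encode($direct));
printf("via index: %s\n", json_encode($viaMain));

// Clean up the demo files.
unlink("$dir/block-Demo.php");
unlink("$dir/index.php");
rmdir($dir);
```

Unlike the PHP-Nuke check, the guard does not contain the file's own name, so it keeps working when the file is renamed or copied.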


register_globals... to use them or not to use them?

PHP-Nuke overrode PHP's default setting for register_globals (OFF by default, as of PHP 4.2.0). Misuse of register_globals can compromise the security of a script, and in turn the entire server. It's safe to say that PHP-Nuke misused register_globals.

Take this bit of code for example:

Code:
if (isset($id)) { $id = intval($id); }


With register_globals on, $id could be set anywhere - a GET, POST, or even COOKIE request.

However, with register_globals off, $id cannot be set through any of these requests. In this case, a NULL value will be assigned to $id.

In order to allow $id to be set through a GET request, for example, we would change the above code to:

Code:
if (isset($_GET['id'])) { $id = intval($_GET['id']); }


For a POST request:
Code:
if (isset($_POST['id'])) { $id = intval($_POST['id']); }


Or to allow both GET and POST requests:
Code:
$id = (isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : ''));

(intval() returns 0 if the value is not numeric, as opposed to int(), which returns null.)
register_globals has been turned off as of CPG-Nuke 9.x.

Read more on register_globals here
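
One way to centralise the explicit POST-then-GET lookup shown above, as an added example that is not CPG-Nuke's own code. request_int() is a hypothetical helper and the request arrays are constructed sample data; it uses filter_var() with FILTER_VALIDATE_INT in place of intval() so that a malformed value is rejected instead of being coerced to a number.

```php
<?php
// Added example, not CPG-Nuke code. request_int() is a hypothetical helper;
// the request arrays below are constructed sample data.

/**
 * Return an integer parameter from POST, then GET (same precedence as the
 * one-liner above). Cookies and any other source are never consulted.
 * Returns $default when the key is absent or the value is not an integer.
 */
function request_int(string $key, array $post, array $get, ?int $default = null): ?int
{
    foreach ([$post, $get] as $source) {
        if (!isset($source[$key])) {
            continue;
        }
        // FILTER_VALIDATE_INT returns false for "abc", "12abc" or an array
        // (?id[]=1), where intval() would coerce them to 0, 12 or 1.
        $value = filter_var($source[$key], FILTER_VALIDATE_INT);
        return $value === false ? $default : $value;
    }
    return $default;
}

// Constructed requests: plain GET, POST overriding GET, malformed, array, absent.
$samples = [
    ['post' => [],            'get' => ['id' => '42']],
    ['post' => ['id' => '7'], 'get' => ['id' => '42']],
    ['post' => [],            'get' => ['id' => '12abc']],
    ['post' => [],            'get' => ['id' => ['1']]],
    ['post' => [],            'get' => []],
];

foreach ($samples as $s) {
    $id = request_int('id', $s['post'], $s['get']);
    printf("%-45s => %s\n", json_encode($s), var_export($id, true));
}

// In a real script the call would be: $id = request_int('id', $_POST, $_GET);
```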


Reduce code by using list()

A lot of code can be reduced by using PHP's list() function instead of assigning variables to the result set of an SQL query one by one.

Take this bit of code for example:

Code:
$sql = "SELECT yid, content FROM ".$prefix."_ephem WHERE did='$eday' AND mid='$emonth'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$yid = $row['yid'];
$content = $row['content'];


We can easily reduce this code by rewriting it as:
Code:
$sql = "SELECT yid, content FROM ".$prefix."_ephem WHERE did='$eday' AND mid='$emonth'";
$result = $db->sql_query($sql);
list($yid, $content) = $db->sql_fetchrow($result);

Read more on function list() here


Only fetch the needed data in a query

PHP-Nuke queries often selected all data from a selected table, only to perform a simple action such as counting the number of rows. Take this for example:
Code:
$total = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_referer"));


This loads every row of cms_referer into memory just to count them, a useless operation that takes up space. We can save memory by rewriting the code as:

Code:
$result = $db->sql_query("SELECT COUNT(*) FROM ".$prefix."_referer");
list($total) = $db->sql_fetchrow($result);


Obtaining information about the current user

In PHP-Nuke, if you wanted to obtain information about the given user, you would have to decode the cookie yourself, a process that is messy and insecure. A typical example looks something like:

Code:
if (is_user($user)) {
    cookiedecode($user);
    $userid = $cookie[0];
    $username = $cookie[1];
}


NEVER attempt to decode the cookie yourself in CPG-Nuke!

Please take note that the $user and $admin variables are no longer used, thus they should not be used as arguments in the functions.

Follow this model for fetching information about a user:
Code:
if (is_user()) {
    $userid = $userinfo['user_id'];
    $username = $userinfo['username'];
}


Limiting access to administrator modules

In PHP-Nuke, extra code was spent determining whether the given administrator had permission to access the requested admin module. A typical example looks something like:

Code:
$aid = substr("$aid", 0,25);
$row = $db->sql_fetchrow($db->sql_query("SELECT radminsuper FROM " . $prefix . "_authors WHERE aid='$aid'"));
if ($row['radminsuper'] == 1) {
    // ... admin module code ...
}


We have replaced such code in CPG-Nuke with:

Code:
if (!can_admin()) { die('Access Denied'); }


Read more on function can_admin() here


Can PHP-Nuke themes, modules and blocks still be used?

In most cases you can, but you won't be able to use CPG-Nuke's collapsible blocks unless you modify the theme.
Open up themes/cpgnuke/theme.php to familiarize yourself with how everything works and what needs to be changed for compatibility with CPG-Nuke.

Also, due to the differences in our SQL abstraction layer, modules, blocks and themes need to be changed to use the correct abstraction layer ($db vs. $dbi).


Including the appropriate files

In PHP-Nuke, each module included mainfile.php directly, something like:

Code:
require_once("mainfile.php");


NEVER, EVER directly include mainfile.php OR config.php, anywhere

Only include header.php when needed, making the call like:

Code:
require_once('header.php');


Freeing the memory associated with MySQL result sets

When working with several result sets in a single script, the memory associated with these result sets can become congested. By using the simple function below, we can free all memory associated with the given result set:

Code:
$db->sql_freeresult($result);


Let's take this bit of code in context:

Code:
$result = $db->sql_query("SELECT * FROM ".$prefix."_referer");
list($rid, $url) = $db->sql_fetchrow($result);
$db->sql_freeresult($result);


Please take note that all memory is automatically freed at the end of a PHP script.


$Version_Num vs. CPG_NUKE

As of CPG-Nuke 9.x, $Version_Num has become deprecated. Why? PHP-Nuke 8.x is around the corner and using $Version_Num to compare versions could cause a problem with CPG-Nuke 8.x. To eliminate the potential for this, a new constant has been created - CPG_NUKE, which stores the version of your CPG-Nuke.

If your modules use $Version_Num, please replace it with CPG_NUKE.



